Share this on:

Welcome to Western Connecticut State University's Information Technology security website. This site provides you information about security and tools that are needed to secure and guard your computer against known security threats. This website is a repository of information related to all different areas of system and information security. We encourage you to visit this site regularly for up to date information on information security as technology changes and new threats and vulnerabilities are discovered every day.

Data Classification

Information, which by law is confidential, must be protected from unauthorized access or modification. Data, which is essential to critical functions, must be protected from loss, contamination, or destruction.

Data Classification is the process of grouping data elements together by risk level. WCSU has identified four Data Classification Levels (DCL) from 0 to 3. Appropriate security controls will be applied to each classification level. Increasingly restrictive data management and security practices are required for each level, with DCL0 requiring limited protection to DCL3 (formerly referred to as Class A Data) requiring the most protection.

Data Classification

Data Classification Level (DCL)

Description

Examples

3

DCL3

(Protected Confidential)

Level 3 is protected confidential data, which comprises identity and financial data that, if improperly disclosed, could be used for identity theft or to cause financial harm to an individual or WCSU.
Security at this level is very high (highest possible).

Identity Data with:

Social Security number

Bank account or debit card information

Credit card number & cardholder information

Student Loan Data

2

DCL2

(Restricted)

Level 2 is restricted data that is available for disclosure, but only under strictly controlled circumstances.
Such information must typically be restricted due to proprietary, ethical or privacy considerations.
An example of such restrictions is the FERPA guidelines that govern publication and disclosure of student information.
Security at this level is high.

Identity Data with:

Birth date

Mother’s maiden name

Academic records (e.g. Grades, Test scores, Courses taken, etc.)

Student Records (e.g. Advising records, Disciplinary actions)

Employee Records

1DCL1(Internal)

Level 1 is internal data that has not been approved for general circulation outside WCSU where its disclosure would inconvenience WCSU, but is unlikely to result in financial loss or serious damage to credibility.
Security at this level is controlled but normal.

Internal memos

Minutes of meetings

Internal project reports

0DCL0(Public)

Level 0 is public data that has been explicitly approved for distribution to the public. Disclosure of public data requires no authorization and may be freely disseminated without potential harm to WCSU.
Security at this level is minimal.